RufLab is built from the ground up to meet German and European data protection standards. Every call your AI assistant handles is processed on servers located in Germany, governed by GDPR (DSGVO), the German Federal Data Protection Act (BDSG), and aligned with the EU AI Act. You retain full control over your data at every step.

Key compliance features

GDPR compliant

RufLab is fully GDPR compliant (DSGVO-konform). Data is processed in accordance with Art. 6 GDPR and German national data protection law (BDSG).

German servers, EU-only storage

All data is stored exclusively on servers in Germany. Your data never leaves the European Union.

ISO 27001 certified infrastructure

RufLab runs on ISO 27001 certified servers, providing enterprise-grade physical and electronic access controls.

EU AI Act compliant

Every decision made by the AI assistant is documented and fully traceable. Audit-ready logs and transparent AI logic are built in.

Data encryption

All data is encrypted in transit using TLS/SSL and encrypted at rest. Connections are secured via HTTPS at all times.

Full customer control

You can access, export, or delete your data at any time directly from the RufLab dashboard.

What data RufLab collects

When your AI assistant handles a call, RufLab collects and stores the following data to deliver the service:
  • Caller information — the phone number of the incoming caller
  • Call transcripts — a structured record of the conversation
  • Timestamps — the date and time of each call
  • Account and contract data — name, email address, billing information, and usage data tied to your RufLab account
This data is used exclusively to operate the service, generate call analytics in your dashboard, and fulfill contractual obligations.

Data retention

Retention periods follow German statutory requirements. Call transcripts and related call data are retained for the duration of your contract and deleted shortly after it ends, unless statutory retention obligations require a longer period (e.g., 10 years for accounting records under German commercial law). You can configure the retention period for call data directly in your dashboard settings.

Your rights under GDPR

As a data subject under GDPR (Art. 15–21), you have the right to:
  • Access — request confirmation of what data is stored and receive a copy
  • Rectification — request corrections to inaccurate data
  • Erasure — request that your data be deleted
  • Data portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Lodge a complaint — with your national supervisory authority if you believe your rights have been violated
To exercise any of these rights, contact RufLab at ruflab.com/kontakt.

Data Processing Agreement (AVV)

A Data Processing Agreement (Auftragsverarbeitungsvertrag, AVV) is available on request. If your business requires a signed AVV to use RufLab, contact us at ruflab.com/kontakt and we will provide one promptly.
RufLab processes personal data under the following legal bases:
  • Art. 6(1)(b) GDPR — processing necessary for the performance of a contract
  • Art. 6(1)(c) GDPR — processing required to comply with legal obligations
  • Art. 6(1)(f) GDPR — processing based on legitimate interests, including service security and business operations